[EXTERNAL] Using openssl-rsautl for verifying signatures.
Erwann Abalea
erwann.abalea at docusign.com
Wed May 4 09:45:11 UTC 2022
Bonjour,
The ASN.1 structure (it's a DigestInfo) is part of the PKCS#1 v1.5 padding
for signature operations.
PKCS#1v1.5 is rewritten in RFC2313.
Using the command line tool, you can reproduce this:
echo -n "Mary had a little lamb." > datatosign
either one of the following can be used to sign data:
openssl dgst -sha1 -sign tests/keys/rsa_key1.key datatosign > signing
openssl pkeyutl -inkey tests/keys/rsa_key1.key -in <(openssl dgst -sha1
-binary datatosign) -sign -pkeyopt digest:sha1 > signing
and you can display the signature either way (this will not "verify", it
will only perform the RSA verify operation with PKCS#1v1.5 padding, without
checking the validity or even if what has been signed is a DigestInfo
structure, and output the result of the RSA operation):
openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -in signing
-asn1parse
openssl pkeyutl -verifyrecover -inkey tests/keys/rsa_key1.pub -pubin
-in signing -asn1parse
or you can actually verify the thing without displaying the result of the
RSA verify crypto operation:
openssl pkeyutl -verify -inkey tests/keys/rsa_key1.pub -pubin -in
<(openssl dgst -sha1 -binary datatosign) -sigfile signing -pkeyopt
digest:sha1
openssl dgst -verify tests/keys/rsa_key1.pub -signature signing
-sha1 datatosign
On Wed, May 4, 2022 at 7:16 AM Philip Prindeville <
philipp_subx at redfish-solutions.com> wrote:
> Hi,
>
> I did the following in trying to build some validation steps to use
> against my own rewrite of the crypto functions in Asterisk (to use
> EVP-PKEY).
>
> % echo -n "Mary had a little lamb." | openssl sha1 -binary > digest
>
> % od -t x1 digest
> 0000000 4e 07 b8 c7 aa f2 a4 ed 4c e3 9e 76 f6 5d 2a 04
> 0000020 bd ef 57 00
> 0000024
>
> % openssl rsautl -sign -inkey tests/keys/rsa_key1.key -pkcs -in digest >
> signing
>
> % openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -pkcs -in
> signing > digest2
>
> % od -t x1 digest
> 0000000 4e 07 b8 c7 aa f2 a4 ed 4c e3 9e 76 f6 5d 2a 04
> 0000020 bd ef 57 00
> 0000024
>
> And all of that looks good.
>
> But when I take the result of calling:
>
> const char msg[] = "Mary had a little lamb.";
> unsigned msglen = sizeof(msg) - 1;
> char digest[20];
>
> /* Calculate digest of message */
> SHA1((unsigned char *)msg, msglen, digest);
>
> res = RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen,
> key->rsa);
>
> And write that (dsig, siglen) to a file (signing2) and then try to verify
> that, I get very different results:
>
> openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -pkcs -in
> signing2 -asn1parse
> 0:d=0 hl=2 l= 33 cons: SEQUENCE
> 2:d=1 hl=2 l= 9 cons: SEQUENCE
> 4:d=2 hl=2 l= 5 prim: OBJECT :sha1
> 11:d=2 hl=2 l= 0 prim: NULL
> 13:d=1 hl=2 l= 20 prim: OCTET STRING
> 0000 - 4e 07 b8 c7 aa f2 a4 ed-4c e3 9e 76 f6 5d 2a 04
> N.......L..v.]*.
> 0010 - bd ef 57 00 ..W.
>
> Why is RSA_sign() wrapping the signature in ASN.1?
>
> Or, put a different way, how do I reproduce what RSA_sign() is doing from
> the command line?
>
> Is there another command that does RSA signing besides rsautl?
>
> Thanks,
>
> -Philip
>
>
>
--
Cordialement,
Erwann Abalea.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220504/2d01c13a/attachment.htm>
More information about the openssl-users
mailing list